Chapter 8.3 issue with CSRF when using delete to sessions#destroy

[dennisharrison]

https://github.com/learnenough/rails_tutorial_sample_app_7th_ed/blob/main/app/views/layouts/_header.html.erb#L29

snip from the console output:

Started DELETE "/logout" for 172.22.144.1 at 2022-05-21 14:13:25 -0500
Cannot render console from 172.22.144.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
Processing by SessionsController#destroy as TURBO_STREAM
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 459)



ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.):

actionpack (7.0.3) lib/action_controller/metal/request_forgery_protection.rb:251:in `handle_unverified_request'
actionpack (7.0.3) lib/action_controller/metal/request_forgery_protection.rb:284:in `handle_unverified_request'
actionpack (7.0.3) lib/action_controller/metal/request_forgery_protection.rb:273:in `verify_authenticity_token'

[dennisharrison]

Downloaded sample code and it's not showing the same behavior. I guess I get to learn how to debug this :)

[dennisharrison]

OK, so putting: https://github.com/learnenough/rails_tutorial_sample_app_7th_ed/blob/main/app/views/layouts/application.html.erb#L7-L8

into the _rails_default.html.erb and rendering it as suggested in 5.18 causes this error. Not using the partial to render the CSRF and doing like you have in the application.html.erb in this repository works fine. 🤷‍♂️

Cheers!